Configure Nexus Repo 3.17.0 to use Atlassian Crowd authentication. Then go to the "security–>users" screen, and switch the source drop down to "crowd". This will trigger an query like this to crowd:
2019-06-26 11:35:19,379-0500 DEBUG [qtp1396977020-400] admin org.apache.http.headers - http-outgoing-5 >> POST /rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=2147483647&expand=user HTTP/1.1
Note the value of "max-results".
We then iterate over every single result, and get the user's details, and make a second query to get their crowd groups.
In a large crowd server this can take a very, very long time. Against our own crowd server this was running for more than 15 minutes before I finally gave up and killed it.
Expected: We should not do any search by default, instead wait for a user to input a search term. And after inputing the search term we should limit the number of results that can be retrieved.
Note that Nexus Repo 2 does not do a default search for crowd.
This issue can make crowd unusable for customers that have very large crowd directories.